System and Method for Network Level Protection Against Malicious Software
First Claim
1. A method, comprising:
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a restriction rule to block the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Abstract
A method in one example implementation includes receiving information related to a network access attempt on a first computing device with the information identifying a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether network traffic associated with the software program file is permitted and then creating a restriction rule to block the network traffic if the network traffic is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the method includes pushing the restriction rule to a network protection device that intercepts the network traffic associated with the software program file and applies the restriction rule to the network traffic. In more specific embodiments, the method includes searching a whitelist identifying trustworthy software program files to determine the trust status of the software program file.
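The decision flow the abstract describes, sketched as an added example that is not taken from the patent. The event fields, the whitelist keyed by SHA-256 of the program file, the rule format, and the assumption that the host tags each flow with the originating program's hash are all illustrative choices; the `log` mode corresponds to the logging-rule variant in claims 18 to 33.

```python
import hashlib
from dataclasses import dataclass

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed whitelist: digests of program files considered trustworthy.
WHITELIST = {digest(b"constructed trusted binary")}

@dataclass(frozen=True)
class AccessAttempt:
    host: str             # the "first computing device" reporting the attempt
    program_sha256: str   # identifies the software program file
    dst: str

@dataclass(frozen=True)
class Rule:
    action: str           # "block" (restriction rule) or "log" (logging rule)
    host: str
    program_sha256: str

def trust_status(sha256_hex, whitelist=WHITELIST):
    # Anything not explicitly whitelisted is untrusted (fail closed).
    return "trusted" if sha256_hex.lower() in whitelist else "untrusted"

def evaluate(attempt, mode="block", whitelist=WHITELIST):
    """Return a Rule when the traffic is not permitted, otherwise None."""
    if trust_status(attempt.program_sha256, whitelist) == "trusted":
        return None
    return Rule(mode, attempt.host, attempt.program_sha256)

class NetworkProtectionDevice:
    """Stand-in for the device that intercepts traffic and applies pushed rules."""
    def __init__(self):
        self.rules, self.event_log = {}, []

    def push(self, rule):
        self.rules[(rule.host, rule.program_sha256)] = rule

    def handle(self, attempt):
        rule = self.rules.get((attempt.host, attempt.program_sha256))
        if rule is None:
            return "forward"
        if rule.action == "log":      # assumption: logged traffic is still forwarded
            self.event_log.append(attempt)
            return "forward"
        return "drop"
```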
33 Claims
1. A method, comprising:
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a restriction rule to block the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. Logic encoded in one or more tangible media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a restriction rule to block the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Dependent claims: 12, 13, 14
15. An apparatus, comprising:
- a protection module;
- one or more processors operable to execute instructions associated with the protection module, the one or more processors being operable to perform further operations comprising;
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a restriction rule to block the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Dependent claims: 16, 17
18. A method, comprising:
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a logging rule to log event data related to the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
26. Logic encoded in one or more tangible media that includes code for execution and when executed by one or more processors is operable to perform the operations comprising:
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a logging rule to log event data related to the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Dependent claims: 27, 28, 29
30. An apparatus, comprising:
- a protection module; and
- one or more processors operable to execute instructions associated with the protection module, including;
- receiving information related to a network access attempt on a first computing device, the information identifying a software program file associated with the network access attempt;
- evaluating a first criterion to determine whether network traffic associated with the software program file is permitted; and
- creating a logging rule to log event data related to the network traffic if the network traffic is not permitted, wherein the first criterion includes a trust status of the software program file.
Dependent claims: 31, 32, 33
Specification